Is not the tech a part of the organization's way of doing business?
These things are highly related to what’s going down in a thread [1] from yesterday (about “shitty projects”).
I’m sure these guys spend many millions each year on security products, but either people in the know on the tech side are ignored, or they have no competencies left.
In the thread I mention above I have actually posted about my general experience from a major insurance player.
A concrete example:
We were making changes to a custom software and as there were concerns about bandwidth requirements and latency I took it upon myself to figure out what a specific process looked like, from the business perspective.
In short, in the middle of the workflow, customers' journals were written to CD and mailed to physicians. Encryption? Eh, no... Any process in place to ensure safe keeping and return/destruction? Uh, forget about it...
This was in the time when a lot of these “lost usb devices” and hacked systems seemed to pop up daily.
I obviously raised this with the security team, the security officer and the business unit.
No one wanted to touch this finely tuned business process.
It felt like I was working at Fawlty Towers.
Again, that companies have drawn this line between business and tech, “‘cause tech is not core bidniz”, will haunt a lot of big players for years to come.
> In short, in the middle of the workflow, customers' journals were written to CD and mailed to physicians. Encryption? Eh, no... Any process in place to ensure safe keeping and return/destruction? Uh, forget about it...
That's a manually initiated transaction done internally and should be a red flag to anyone. Data outside of the organisation is data with no control. You could keep escalating this. That's an example of no 'speaking up' channel. If a channel to escalate is missing or poorly implemented, frauds will happen by internal or external agents. The process doesn't sound finely tuned at all.
Of course I was being ironic about it being “finely tuned”!
What I’m saying is that in spite of having, in a sense, all the resources at their disposal, this process was chosen by the business, for the business.
An encrypted on-line service could, and should, have been implemented. But being far from tech & dev, the business chose a process matching their competencies.
Messing with this several years in, and trying to digitize a process obviously in need of it, is met with much resistance.
Another gem of a process:
Many (like hundreds) employees needed personal printers. But why?!
Because:
- printing claims from a “modern” client/server system.
- pinning an also-printed bar-code to the pages from step one.
- scanning these into software that reads the bar-code and adds them to queues for mainframe processing.
D/A -> A/D? Huh?!
Holy cow! I almost fell off my chair...
And the inherent security risks in play here, not to mention acres of forest consumed over the years. My mind is boggling...
Am I actually living my working life inside a Dilbert strip?! It’s not even funny, because it’s true.
What I’m saying is that many large corps are anything but in fine tune with tech.
Right. I'm 'business' and the split 'business' vs 'tech' should not be there. I'm sure we've both seen terrible things, these are reinforced by organisational constructs. Escalate escalate escalate if you see something wrong. To coin a bigcorp slogan, of a company I admire the mission of, "Do the right thing" and "Not good enough."
I recently opened a new bank account in the UK and chose a 'challenger' bank. The process was secure, very smooth, the customer support very nice. They have no branches. This is regulationtech, not so much fintech, and challengers are coming from all sides, including in insurance. I wish these challengers well as being on the inside of incumbents I'm just left scratching my head "Why?".
I for one am through escalating stuff in a hierarchical organization. Too much politics.
I’ve been out of that game for a few years and have no ambitions to make a career for myself at such a place.
In a very big, top-down org., ponder the following:
Granting, in a specific scenario, that I’m right — this “whatever” is a disaster waiting to happen or possibly an already flaming disaster, heads have to roll.
Someone always has to take the blame, as this most likely will affect someone's budget or set goals.
It might have profound effects on the current “1.” or “.One” consolidation & synergetic tech project that management is giving misdirected focus at the moment.
The “1Whatever” projects usually have bizarre amounts of $$$ attached, and end up holy.
Have you worked at big enough companies that you know about the “whateverOne” projects I’m referring to?
I don't know what 1.whatever is. Yes, I've worked for supercorps, mainly financials, and I have a responsibility to ensure customer and employee data are managed responsibly.
It is important to escalate what doesn't seem right. Sometimes that means email after email after email (written record) and that if it still doesn't smell right to keep pushing. Ops was a strange place, but 500 emails per day is no longer a challenge.
I commented this as an organisational failing rather than a technical one as a debate about UUIDs seems to be missing the point that people could have been aware something was not right but did not, or weren't allowed, or it got drowned in organisation, to do anything.
Clarification on 1/one — in my experience big co is naturally striving for synergies and often target “IT” as it’s seemingly an obvious candidate.
These projects often bear a description such as “ProgramOne”, “Platform1” or 1SomethingAwesome, and are of a “bite off more than you can chew” character.
At least at three class-leading companies I’ve worked at, all with 90,000+ employees.
It’s just my disillusionment shining through! :)
I believe we agree — the future holds a merger of tech with business and what I’ve stated above are org failures. That’s true.
IT must not block business, it should expose opportunities and be inherently secure by convention.
Completely agree. And regulators are pushing for this. When.. in retail and SME banking and financial services the future is here, in Europe, but has yet to gain traction and public trust but that's coming quickly. That will be 5 years, change takes time, a long journey for VC money but not too long, they will see returns.
Asia will be slow. NA perhaps slower still. AU might pick up the ball but NZ will be faster if they choose. SG will lag HK because of technical debt in SG. I'm Asia based, not much idea on South America. South Asia are hand-tied by regulation, mainly currency, restrictions, the above regulators will be providing markets with the best retail and SME financial products. A hot place to be, Europe probably hotter coz PSD2.
Yup, raise any flags and risk being treated as an outsider/treated poorly. That's my current situation after raising concerns ranging from being way overcharged on a government client project by a vendor who happens to be friends with a manager, and catching a now ex manager pulling mitm attacks on a router (to snoop/play politics) which happens to be on the same network as servers housing client data. It's an awful feeling not being able to have glaring issues resolved or be treated like shit after doing what seemed right and in the best interest of the company.
Needless to say, I'm making moves to get the hell out of there
[1] https://news.ycombinator.com/item?id=19998806